Results 1 to 6 of 6

Thread: sslv3 alert bad record mac

  1. #1
    lytledd is offline Elite Member
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    448
    Rep Power
    5

    Default sslv3 alert bad record mac

    At 10:30AM EST, we started receiving complaints of intermittent mail delivery problems:

    Note: Soap Fault. Please recreate and resend the message. Details below:
    Error Code: mail.SEND_FAILURE
    Error Text: SMTP server reported: MESSAGE_NOT_DELIVERED

    Reviewing /var/log/zimbra.log showed period (Every 10 or so seconds):

    Aug 6 12:17:11 wm postfix/smtpd[31623]: warning: TLS library problem: 31623:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1197:SSL alert number 20:
    Aug 6 12:17:11 wm postfix/smtpd[31623]: warning: TLS library problem: 31623:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1197:SSL alert number 20

    It seem to be very similar to:

    Bad Record Mac/SSL Errors after upgrading to ZCS 8.0.3

    But, we're running Zimbra 7.24 (Network Edition) on Ubunutu 10.04LTS. My Googling this problem hasn't brought up much that I can use.

    I have a ticket open with Zimbra, but also thought I'd post here, just in case someone has suggestions. As a side note:

    We renewed our SSL certificates 3 weeks ago (startcom ssl)

    Thanks!

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    Which cipher is being used (it should tell you in the lines before the ones you've posted)? If that's the problem you can try excluding that cipher and see if it works..
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    lytledd is offline Elite Member
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    448
    Rep Power
    5

    Default

    Aug 6 14:09:10 wm postfix/smtpd[8350]: Anonymous TLS connection established from assp.epiinc.inet[10.0.0.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

    Since all SSL connections (At least showing in the logs) are DHE-RSA-AES256-SHA, and only every other connection is failing with that error, would disabling it prevent all commnunications?


    Thank,

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

  4. #4
    lytledd is offline Elite Member
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    448
    Rep Power
    5

    Default

    I'm hoping I found a temporary work around, I turned off TLS on port 25. We're using ASSP as our SPAM filter.

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    Quote Originally Posted by lytledd View Post
    I'm hoping I found a temporary work around, I turned off TLS on port 25. We're using ASSP as our SPAM filter.
    Sorry about the late reply, I didn't realise this was from a specific anti-spam device and disabling TLS will solve that particular problem - I assume your ZCS isn't open to the internet? Which version of ZCS are you using?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    lytledd is offline Elite Member
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    448
    Rep Power
    5

    Default

    Zimbra 7.2.4 (NE) on Ubuntu 10.04LTS.

    ASSP maintainer said,

    Doug,

    SSL in Perl uses openssl libraries - so google for 'openssl SSL alert
    number 20'

    This may caused by too old or too different openssl versions.
    I've also got a response from Zimbra support, they asked me to upload my logs to their FTP site. Hopefully they'll point me in the right direction.

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. SSLv3 Error in outlook
    By yavorr in forum Administrators
    Replies: 0
    Last Post: 06-14-2013, 12:19 AM
  2. How to enable sending to A record if MX record not found?
    By maxchowhk in forum Administrators
    Replies: 10
    Last Post: 10-06-2012, 06:39 PM
  3. ZCS 6.0 Alert
    By hpanchani in forum Developers
    Replies: 2
    Last Post: 02-02-2010, 08:55 PM
  4. Replies: 11
    Last Post: 05-12-2009, 06:26 AM
  5. ZCS Critical Bug Alert
    By jholder in forum Announcements
    Replies: 0
    Last Post: 05-17-2007, 05:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •